Lucene search
K

11 matches found

NVD
NVD
added 2026/04/07 9:16 a.m.5 views

CVE-2026-28810

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

6.3CVSS0.00269EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2022/10/20 10:9 a.m.10 views

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS7.2AI score0.01401EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/10/19 10:43 p.m.4 views

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS7.2AI score0.01401EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/10/19 10:32 p.m.6 views

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS7.2AI score0.01401EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/10/19 10:27 p.m.5 views

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS7.2AI score0.01401EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/10/19 9:32 p.m.5 views

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7CVSS7.2AI score0.01401EPSS
Exploits0References4
OSV
OSV
added 2022/09/26 3:32 p.m.8 views

USN-5639-1 linux-azure-fde vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Moshe Ko...

8.2CVSS6.8AI score0.05542EPSS
Exploits3References7
RedHat Linux
RedHat Linux
added 2018/03/07 10:33 a.m.6 views

OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)

It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries...

5.8CVSS7.4AI score0.04162EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/02/26 10:27 p.m.6 views

OpenJDK: DnsClient missing source port randomization (JNDI, 8182125)

It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries...

5.8CVSS7.4AI score0.04162EPSS
Exploits0References4
PyPA
PyPA
added 2010/10/19 8:0 p.m.6 views

PYSEC-2010-22

pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command...

5CVSS6.6AI score0.01127EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2008/08/11 5:2 p.m.5 views

bind: implement source UDP port randomization (CERT VU#800113)

The DNS protocol, as implemented in 1 BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; 2 Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referral...

6.8CVSS6.7AI score0.95182EPSS
Exploits20References4
Rows per page
Query Builder